Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 13 replies
  • Subscribers 41 subscribers
  • Views 2929 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTPS scanning mobile devices

Jim Boothe1

I am trying to enable HTTPS decyrption and scanning for mobile devices in my network. I not sure what i am doing wrong but when i enable HTTPS scanning in the firewall rule browser traffic works fine. Able to go to google and keywords/content filter works and blocks/warns as expected. However apps on the devices like google play store apple store and others stop functioning. 

I have a chromebook and a iphone in my test firewall rule and both of them are showing the same symptoms. I have added exceptions in the exeptions tab for play.google.com, youtube etc. however when https scanning is enabled in the rule these apps stop working, as soon as i untick the checkmark they start functioning again, but of course then the google searches for keywords or content filtering then stop working. 

Someone please point me in the right direction here to get this working correclty on mobile devices, Android, apple, chromebooks



This thread was automatically locked due to age.
Parents
  • 0

    Jim,

    did you import the CA used for decrypt and scan on your mobile?

  • 0 in reply to lferrara

    Yes i have imported the Sophos_SSLCA as well as the Defult certificate from the Sophos to my mobile devices. 

    Like i said i am able to use the browser fine and it will go to https sites with no cert errors. It is just apps on the device that do not seem to work when https scanning is enabled. 

    I can use the browser on my chromebook and go to play.google.com and it works fine. But from the google play app it acts like there is no internet connection. 

    Same on my iphone with the apple store. 

  • 0 in reply to Jim Boothe1

    Try to add exceptions on web filtering for the following domains:

    google.com
    googleapis.com
    gstatic.com
    googleusercontent.com
    accounts.google.com
    drive.google.com
    docs.google.com

  • 0 in reply to lferrara

    Ok i didnt have a couple of those and the play store works now and my content filters are in tack!

    now my question is where did you go to get all those exclusions? I will need to track down exclusions for other apps as i find them that are not working. 

    For example the apple store even though i have ^([A-Za-z0-9.-]*\.)?apple\.com\.?/ in my exclusions 

  • 0 in reply to Jim Boothe1

    For applestore, add these:

    ^([A-Za-z0-9.-]*\.)?cdn-apple\.com\.?/

    ^([A-Za-z0-9.-]*\.)?icloud\.com\.?/

    ^([A-Za-z0-9.-]*\.)?mzstatic\.com\.?/

    ^([A-Za-z0-9.-]*\.)?apple\.com\.?/

Reply Children
Unfiltered HTML